[opensuse] Adventures with pam_tally
Folks: For some reason pam_tally is turning into more of a bear that I thought - One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd: auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root unlock_time=90 reset all else remained the same.............(file at bottom of post) Anyway when I test it out with faillog it records the attempts but doesn't block after 3 tries. You can try a dozen time but when you put in the right password it still logs you in! All I want it to do is lock the account after 3 attempts and I can't figure out how - Know this list is about OpenSuse but I need help - it will be appreciated! Michael ------/etc/pam.d/sshd----------------------------------------------------------- #%PAM-1.0 auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root reset # auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session # Enable the following line to get resmgr support for # ssh sessions (see /usr/share/doc/packages/resmgr/README) #session optional pam_resmgr.so fake_ttyname -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Folks:
Sorry should of looked at logs before posting - while my new
confguration clears up some error messages it still doesn't work!
Turns out "reset", "no_magic_root" are no longer used and deny should
be with auth not account!
M-
.........................../etc/pam.d/login.................
sperg:/etc/pam.d # more login
#%PAM-1.0
#
auth required pam_tally.so onerr=fail deny=3 per_user magic_root
account required pam_tally.so magic_root
#
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
---------------------------------------------------/etc/pam.d/sshd--------------------------------
#%PAM-1.0
auth required pam_tally.so onerr=fail deny=3 per_user magic_root
account required pam_tally.so magic_root
#
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
On 5/16/07, Michael Folsom
Folks:
For some reason pam_tally is turning into more of a bear that I thought -
One SLES10 I added the following two lines to the beginning of /etc/pam.d/sshd:
auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root unlock_time=90 reset
all else remained the same.............(file at bottom of post)
Anyway when I test it out with faillog it records the attempts but doesn't block after 3 tries. You can try a dozen time but when you put in the right password it still logs you in! All I want it to do is lock the account after 3 attempts and I can't figure out how -
Know this list is about OpenSuse but I need help - it will be appreciated!
Michael
------/etc/pam.d/sshd-----------------------------------------------------------
#%PAM-1.0 auth required pam_tally.so onerr=fail no_magic_root account required pam_tally.so deny=3 no_magic_root reset # auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session # Enable the following line to get resmgr support for # ssh sessions (see /usr/share/doc/packages/resmgr/README) #session optional pam_resmgr.so fake_ttyname
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (1)
-
Michael Folsom